Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpgroupware | Phpgroupware | * | 0.9.16.005 (including) |
Phpgroupware | Phpgroupware | 0.9.16.000 (including) | 0.9.16.000 (including) |
Phpgroupware | Phpgroupware | 0.9.16.002 (including) | 0.9.16.002 (including) |
Phpgroupware | Phpgroupware | 0.9.16.003 (including) | 0.9.16.003 (including) |